Playing with computers since age 13, time to start documenting all the wonderful things and treasures I have discovered and developed - also a blog to serve as a time-saver by not having to reinvent the wheel.

3) Change to the extracted source files directory and build using cmake3 and make.

# cd lximediaserver-0.5.0
# cmake3 -DCMAKE_BUILD_TYPE=Release
# make

A successful build completes with the message "[100%] Built target lximediaserver".

4) Launch the lximediaserver

# ./lximediaserver

This will return to the prompt with lximediaserver running as a daemon (check with "ps -aef | grep lximediaserver").

CONFIGURING LXi Media Server

Configure lximediaserver using the web interface presented by default on port 4280. For example, if the CentOS server is 10.100.0.10, launch a web browser on any machine on the same subnet and visit the URL http://10.100.0.10:4280.

LXi Media Server initial screen

The initial setup screen looks like this. Click on the barely visible "Skip setup assistant" link at the bottom to get to the main setup screen. If you do not see the "Skip setup assistant" link at the bottom, kill and restart the lximediaserver process and refresh your web browser.

LXi Media Server Settings Screen

You will now be presented with the main LXi Media Server Settings screen.

Add all the directories that contain your music, video and picture media one by one to the Folders box, clicking Append to add new subdirectories to the full path name of each and Save when done. This is an unusual way to specify the full pathnames for the media folders, but it works.

Adding media folders to LXi Media Server

You can also adjust the encoding settings depending on how powerful your CPU is and your home network bandwidth.

Wednesday, April 5, 2017

My smart home has been operating on voice commands to turn lights on and off and lock doors for a while now, with our Z-Wave devices connected to a Wink Hub 2 which is linked to the Amazon Alexa assistant on an Amazon Echo and three Amazon Echo Dot units across the house. I was however a bit disappointed till now with our Google Home Assistant missing support for the Wink Hub.

I just happened to check Google Home's smart home capabilities just now and am excited to see a new option in the Google Home app to link our Wink Hub 2!

Google Home takes a room-based approach to classify the Wink Hub devices, which actually makes more sense than Alexa's group-based approach for those rooms that have multiple smart lights. For example, our family room has two smart lights which I labeled FRL1 and FRL2 and then created a group called "Family Room Lights" to be able to say "Alexa turn the family room lights on". On the Google Home, I just assigned FRL1 and FRL2 to the Family Room and that's that. Love it!

Thanks Wink and Google - the Google Home is evolving quietly but very fast!

Here is an iPad screenshot of Google Home's smart home setup with Wink.

Google Home Smart Home Control with Wink Hub 2


Tuesday, April 4, 2017

The amazing pfSense Community Edition forms the first of my three-layer home internet security firewall and gateway. I have a dual-WAN setup with subscriptions to both Verizon FiOS and Comcast Xfinity, with the LAN side feeding into a Sophos UTM 9 which is further protected by ClearOS.

I run pfSense in a virtual machine. However, there are excellent dedicated firewall routers with pfSense preinstalled available that you can simply plug in between your WAN and LAN.

I am a huge fan of blocklists and over the years have settled on a functional set of IP and DNSBL blocklists, used with the wonderful pfBlockerNG package on my installation of the pfSense Community Edition open-source router firewall.

I have completely disabled IPv6; all of the following blocklists are for IPv4, and for DNSBL, domain names.

IP BLOCKLISTS

For the IP blocklists, the top-level blocklist groups are Level-1, Level-2, Level-3, Level-4 and SANYALnet.

pfBlockerNG on pfSense - top level IP (IPv4) blocklist groups

Level-1 IP Blocklist

pfBlockerNG Level-1 IP Blocklist sources

Both incoming and outgoing connections are blocked for these highest-risk IP addresses. Of particular concern today are command-and-control (C&C) botnets, particularly those infecting digital security and surveillance systems, cameras, routers, televisions, DVD players and all sorts of other devices making up the Internet of Things (IoT). The Level-1 IP blocklist is updated every hour, and the group members are:

In addition to IoT C&C botnets, the other primary threat today is ransomware. My Level 2 group contains only Firehol Level 2, the Ransomware Tracker IP blacklists from abuse.ch (including CryptoWall, Locky, TeslaCrypt, TorrentLocker C&C and Payment), and the Zeus tracker and ci badguys IP deny blocklists. Level 2 is also configured to block all outgoing as well as incoming connections. Level 2 IP blocklists are updated every 2 hours.

IP addresses in my level 3 blocklist are denied on the incoming side only, i.e. I allow connections initiated from inside my home LAN out to these IPs to go through. The level 3 IP blacklist addresses are updated every 4 hours. The sources are:

My Level 4 group has only a couple of blacklist sources, including Firehol Level 4 and the Malware Domain List IP addresses; the equivalent domains are also included separately in my DNSBL lists. Level 4 is configured to block inbound connections only and is updated every 8 hours.

The SANYALnet group is a collection of blocklists I maintain myself based on the brute force attacks and intrusion attempts logged by my own servers. This group is updated every hour to minimize on-going attacks.

http://sanyalnet-cloud-vps.freeddns.org/blocklist.txt

http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt

http://sanyalnet-cloud-vps2.freeddns.org/blocklist.txt

http://wbri.duckdns.org/blocklist.txt

http://yiradio.duckdns.org/blocklist.txt

http://glewlwyd.duckdns.org/blocklist.txt
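
One way to turn logged SSH brute-force attempts into a plain-text IP feed like the ones above, as an added example (not the author's own tooling). The OpenSSH "Failed password" line format, the threshold of 3, the never-block networks and the sample log are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The user name in an sshd failure line is attacker-controlled, so the greedy
# ".*" plus the "$" anchor take the address from the END of the line.
FAILED = re.compile(
    r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$")

# Assumption: networks that must never appear in the feed (LAN and loopback).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def build_blocklist(log_lines, threshold=3):
    """Return sorted IPv4 strings seen in at least `threshold` failed logins."""
    hits = Counter()
    for line in log_lines:
        match = FAILED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # matched the digit pattern but is not a valid address
        if not any(ip in net for net in NEVER_BLOCK):
            hits[ip] += 1
    return [str(ip) for ip in sorted(ip for ip, n in hits.items() if n >= threshold)]

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
Apr  4 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Apr  4 10:00:03 vps sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Apr  4 10:00:05 vps sshd[812]: Failed password for root from 203.0.113.7 port 40031 ssh2
Apr  4 10:01:10 vps sshd[820]: Failed password for pi from 198.51.100.23 port 5022 ssh2
Apr  4 10:01:12 vps sshd[820]: Failed password for pi from 198.51.100.23 port 5022 ssh2
Apr  4 10:02:00 vps sshd[830]: Accepted password for alice from 203.0.113.9 port 6001 ssh2
Apr  4 10:03:00 vps sshd[840]: Failed password for root from 192.168.1.50 port 7001 ssh2
Apr  4 10:03:02 vps sshd[840]: Failed password for root from 192.168.1.50 port 7001 ssh2
Apr  4 10:03:04 vps sshd[840]: Failed password for root from 192.168.1.50 port 7001 ssh2
Apr  4 10:04:00 vps sshd[850]: Failed password for root from 198.51.100.99 port 5151 ssh2
Apr  4 10:04:02 vps sshd[850]: Failed password for root from 198.51.100.99 port 5151 ssh2
Apr  4 10:04:04 vps sshd[851]: Failed password for invalid user x from 192.0.2.55 port 1 ssh2 from 198.51.100.99 port 5151 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(build_blocklist(SAMPLE_LOG)))
```

The output is one address per line. The LAN host with three failures stays out of the feed, and the address embedded in the user name on the last line is not counted.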

pfBlockerNG DNSBL Feeds

pfBlockerNG DNSBL Feeds DNS Groups

In addition to IP blocklists, I also extensively use pfBlockerNG's domain name blocklisting feature with publicly available domain blocklists.

I use the OpenPhish blocklist to block emerging zero-day phishing and spear-phishing domains. Following advice from the pfSense forum, I set the State to "FLEX" to retrieve feeds over https in cases where the usual "ON" state fails to retrieve them, citing the peculiar curl error "SSL certificate problem: unable to get local issuer certificate" on pfSense. The feeds in this group are updated every hour.

https://openphish.com/feed.txt

General Domain Blocklist Group

pfBlockerNG DNSBL General Domain Blocklist Group

This group contains a collection of malware, ransomware, adware, spyware, tracker and generally undesirable domain blocklists updated once every day. This includes advertising services, thus making my pfSense firewall an effective ad blocker for all devices on my entire home network.

I turned the Eladkarako and Immortal Long Lived Malware Domains blocklists off because they were too generic and were blocking too many websites used by folks in my home. If you wish, you can turn them on for a more secure DNSBL at the cost of filtering out some websites that are otherwise useful.

Use with care: http://raw.githubusercontent.com/eladkarako/hosts.eladkarako.com/master/_raw__hosts.txt

Use with care: http://mirror1.malwaredomains.com/files/immortal_domains.txt

Hosts File Format Blocklists

pfBlockerNG DNSBL General hosts File Format Blocklist Group

This group contains another long list of advertising domains, malware, ransomware, adware, spyware, tracker and generally undesirable domain blocklists updated daily. I like to keep blocklists formatted like the /etc/hosts file in a separate group.

pfBlockerNG DNSBL Custom Domain Whitelist

pfSense pfBlockerNG DNSBL Custom Domain Whitelist

Sometimes a domain blocklist included in the pfSense pfBlockerNG DNSBL configuration will block URLs that you find useful and want to visit. Instead of digging through the logs to figure out which list is blocking your desired domain and disabling the entire list, you can simply add the domains that should not be blocked to the nifty Custom Domain Whitelist feature included as part of the DNSBL configuration.
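
The two feed formats and the whitelist step described above, as an added example (not pfBlockerNG's own code): it parses hosts-format and one-domain-per-line feeds, records which feed lists each domain, and applies a whitelist. The feed names, the sample domains and the leading-dot convention for covering subdomains are assumptions of this example.

```python
import ipaddress
import re

# Loose hostname check: dot-separated labels, last label starts with a letter.
DOMAIN = re.compile(r"^(?=.{4,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
                    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$")
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses hosts-format feeds point at
LOCAL = {"localhost.localdomain"}               # never treat as a blocked domain

def is_ip(token):
    try:
        return ipaddress.ip_address(token) is not None
    except ValueError:
        return False

def parse_feed(text):
    """Return the set of domains in a hosts-format or one-per-line feed."""
    domains = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if fields and is_ip(fields[0]):
            if fields[0] not in SINKS:
                continue  # an ordinary host mapping, not a block entry
            fields = fields[1:]
        for name in fields:
            name = name.lower().rstrip(".")
            if name not in LOCAL and DOMAIN.match(name):
                domains.add(name)
    return domains

def whitelisted(domain, whitelist):
    """Exact match; an entry with a leading dot also covers its subdomains."""
    return any(domain == w.lstrip(".") or (w.startswith(".") and domain.endswith(w))
               for w in whitelist)

def consolidate(feeds, whitelist=()):
    """Map each blocked domain to the sorted names of the feeds listing it."""
    blocked = {}
    for feed_name, text in feeds.items():
        for domain in parse_feed(text):
            if not whitelisted(domain, whitelist):
                blocked.setdefault(domain, []).append(feed_name)
    return {d: sorted(f) for d, f in sorted(blocked.items())}

# Constructed sample feeds (reserved example domains, not real feed content).
FEEDS = {
    "hosts_group": "# hosts format\n127.0.0.1 localhost\n"
                   "0.0.0.0 ads.example.com tracker.example.net\n192.168.1.1 router.example.org\n",
    "general_group": "ads.example.com\nCDN.Example.org.  # trailing dot\nnot a domain!\nshop.cdn.example.org\n",
}
```

Calling `consolidate(FEEDS)` with no whitelist shows which feed is responsible for each domain, which answers the "which list is blocking this" question without reading the logs.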

Consolidated IP and DNSBL Blocklists

I make consolidated IP address and Domain Name blocklists available for free public use from my VPS at the following links; feel free to use them.

pfSense pfBlockerNG in Action

With the pfBlockerNG setup for IP and DNS Blocklists described above, I do see domains and IPs blocked all the time - here is a typical example of pfBlockerNG's "Alert" screen that shows the last 25 IP addresses and domains blocked at the time of writing:

pfSense pfBlockerNG Active Blocked IP Addresses and Domains

A pfBlockerNG force reload log looks like this:

Hope you find this useful and please share the IP and domain blocklists you have found and use in comments below.